NGO Compliance: Donor Due Diligence and Reporting Requirements
Complete guide to NGO compliance in the UK: donor due diligence, Charity Commission reporting, AML obligations, document verification requirements and automation.
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokNon-governmental organisations face increasing scrutiny from regulators and donors alike. The Financial Action Task Force (FATF) Recommendation 8, updated in 2023, identifies the non-profit sector as exposed to terrorist financing risks and requires countries to apply a risk-based approach to NPO oversight. In the UK, the Charity Commission for England and Wales, HMRC, and the National Crime Agency all play roles in ensuring that charities operate transparently and do not become conduits for illicit funds.
This article is provided for informational purposes only and does not constitute legal, financial or regulatory advice. Regulatory references are accurate as of the date of publication. Consult a qualified professional for guidance specific to your situation.
This guide sets out the specific obligations that apply to UK-registered NGOs and charities, the documents required for donor due diligence, and how automated verification can reduce administrative burden while improving compliance quality.
UK Regulatory Framework for NGOs and Charities
The Charities Act 2011 establishes the foundational governance requirements for registered charities in England and Wales, including the obligation to maintain proper financial records and file annual returns with the Charity Commission (Charity Commission, Charities Act 2011 guidance).
For AML obligations, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) are the primary instrument. While most charities are not directly listed as "obliged entities" under MLR 2017, those operating financial services or payment facilities are. More broadly, the Counter-Terrorism Act 2000 and the Terrorism Act 2000 impose obligations on any organisation, including charities, to avoid facilitating terrorist financing.
The Charity Commission published its updated safeguarding guidance in 2024 and its counter-terrorism risk framework in early 2025, requiring charities operating in conflict zones or receiving international donations to implement enhanced due diligence procedures. As of January 2025, charities with annual income exceeding ยฃ1 million must include a specific counter-fraud and anti-terrorism section in their trustees' annual report (Charity Commission, Annual Return guidance 2025).
HMRC administers Gift Aid, which provides tax relief to charities on donations from UK taxpayers. Misuse of Gift Aid โ for example by accepting donations from ineligible donors or inflating donation values โ carries criminal penalties under the Finance Act 2000 and can result in repayment demands and loss of charitable status.
Donor Due Diligence: Required Documents by Donor Type
The level of due diligence required depends on donor type, donation size, and risk profile. UK charities should establish a written risk-based policy that maps each donor category to a corresponding verification requirement.
| Donor Type | Threshold | Required Documents | Due Diligence Level |
|---|---|---|---|
| Individual (one-off) | Under ยฃ1,000 | None required | Simplified |
| Individual (regular) | ยฃ1,000โยฃ5,000/year | Photo ID, proof of address | Standard |
| Individual (major donor) | Over ยฃ5,000/year | Photo ID, proof of address, source of wealth statement | Enhanced |
| Corporate donor | Any amount | Companies House certificate, director IDs, beneficial ownership declaration | Enhanced |
| Foreign foundation | Any amount | Foreign register extract, governing documents, beneficial owners | Enhanced + FATF screening |
| Anonymous donor | Over ยฃ500 | Refusal or full identity verification | Maximum |
The Charity Commission's guidance on accepting donations states that charities should refuse donations where they cannot satisfy themselves about the source of funds, particularly for donations offered anonymously or from high-risk jurisdictions (Charity Commission, Accepting donations guidance CC29).
Politically Exposed Persons (PEPs) โ foreign government officials, senior public figures and their close associates โ require enhanced due diligence regardless of donation size. This obligation flows from MLR 2017 Regulation 35 and applies where the charity has reason to believe the donor is a PEP.
A common question raised in charity compliance forums and on Reddit's r/compliance is whether smaller charities need to verify long-standing donors. The answer is yes for enhanced due diligence categories: relationship history does not exempt a charity from verifying donor identity where the risk profile warrants it. Periodic re-verification every three years is considered good practice for major donors.
Reporting Obligations
Suspicious Activity Reports
Any charity that suspects a donation or transaction may be connected to money laundering or terrorist financing must submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA) via the NCA SARs online portal. Failure to report carries criminal liability under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000.
The tipping-off prohibition applies: a charity submitting a SAR must not inform the donor that a report has been made. Internal procedures should ensure that this information is strictly controlled within the organisation.
Charity Commission Annual Returns
Charities with annual income above ยฃ10,000 must file an annual return with the Charity Commission. The return requires disclosure of income sources, major donors above ยฃ25,000, and any significant transactions or events during the year. As of the 2025 reporting cycle, the Charity Commission requires explicit confirmation that the trustees have reviewed their counter-terrorism and anti-fraud controls.
HMRC Gift Aid Compliance Records
Charities claiming Gift Aid must retain gift declarations from donors for six years after the last claim is made. HMRC can conduct compliance checks and demand repayment of Gift Aid claimed on ineligible donations, with interest and penalties applicable to careless or deliberate errors under the Finance Act 2007.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotInternational Donors and Cross-Border Compliance
Donations from abroad introduce additional compliance complexity. FATF identifies NGOs receiving cross-border funds from high-risk jurisdictions as carrying an elevated risk of terrorist financing, particularly where the organisation operates in conflict-affected regions (FATF, Best Practices Paper on Combating the Abuse of NPOs, 2023).
Practical steps for managing international donor compliance include:
- Checking donor organisations against the UK's consolidated sanctions list maintained by the Office of Financial Sanctions Implementation (OFSI) at HM Treasury
- Verifying that the donating organisation is registered and in good standing in its home jurisdiction
- Obtaining bank transfer records that confirm the source of funds flows from a regulated financial institution
- Reviewing the FATF grey list and black list for the donor's country of domicile
For charities with operations in conflict zones, the Charity Commission's OCHA-aligned guidance recommends establishing enhanced due diligence protocols for all local partners and sub-grantees, including document verification for organisational registration and key personnel identity.
Automating Donor Document Verification
Manual processing of donor due diligence files is resource-intensive for small charity teams. A mid-sized NGO receiving 300 enhanced due diligence cases per year spends approximately 900 hours on document verification at a manual processing rate of three hours per file.
Our platform processes over 180,000 documents per month with a fraud detection rate of 94.8%, including NGO donor verification files. Forged identity documents, falsified company registration certificates, and altered bank statements are identified within seconds through a combination of advanced OCR and metadata validation.
CheckFile.ai supports charity compliance teams with:
- Automated identity document verification (UK passport, driving licence, biometric residence permit)
- Companies House certificate validation for corporate donors
- PEP and sanctions screening integration
- Secure document storage with full audit trail for Charity Commission and HMRC compliance
To explore document verification solutions for the charity sector or review pricing options for NGOs, visit our dedicated pages. For organisations also managing employee right-to-work checks, CheckFile provides an integrated workflow.
For a broader view of compliance documentation requirements across industries, see our industry verification guide and our AML compliance guide.
Frequently Asked Questions
Do small charities need to comply with AML regulations?
Most small charities are not directly listed as obliged entities under MLR 2017, but all charities are subject to the Terrorism Act 2000 and POCA 2002, which require them to avoid facilitating money laundering or terrorist financing and to report suspicions to the NCA. The Charity Commission's guidance strongly recommends a risk-based due diligence policy for any charity receiving large or unusual donations, regardless of size.
What documents does a UK charity need to verify a major donor?
For an individual major donor (over ยฃ5,000), a certified copy of a photo ID (UK passport or driving licence) and a recent proof of address are the minimum. For a source of wealth statement, bank references or professional letters may be requested. For corporate donors, a Companies House extract, director identification, and a beneficial ownership declaration under the Persons of Significant Control (PSC) register are required.
How long must charities retain donor due diligence records?
HMRC requires Gift Aid declarations to be retained for six years after the last relevant claim. The Charity Commission recommends retaining due diligence documentation for at least five years after the end of the donor relationship, consistent with POCA and Terrorism Act obligations. Digital retention is acceptable provided document integrity and accessibility can be guaranteed.
What is a SAR and when must a charity file one?
A Suspicious Activity Report (SAR) must be filed with the National Crime Agency when a charity has knowledge or suspicion that a donation or transaction is connected to money laundering or terrorist financing. The obligation is triggered by suspicion, not certainty. Filing a SAR provides the submitting charity with a consent defence if it proceeds with the transaction after the NCA has had seven working days to respond.
Can charities accept cryptocurrency donations?
Cryptocurrency donations are legally permissible but carry specific compliance risks. The Charity Commission's updated 2024 guidance recommends that charities accepting cryptocurrency treat the donor as an anonymous high-risk donor unless full identity verification can be completed, and that they immediately convert the donation to fiat currency through a regulated exchange. Enhanced due diligence and SAR procedures apply to any cryptocurrency donation above ยฃ1,000.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.